UCF STIG Viewer Logo

WLAN components must be FIPS 140-2 certified.


Overview

Finding ID Version Rule ID IA Controls Severity
V-92237 WIR0115-3 SV-102339r1_rule Medium
Description
If the DoD WLAN components (WLAN AP, controller, or client) are not NIST FIPS 140-2 (Cryptographic Module Validation Program – CMVP) certified, the WLAN system may not adequately protect sensitive unclassified DoD data from compromise during transmission.
STIG Date
WLAN Bridge Security Technical Implementation Guide (STIG) 2019-02-26

Details

Check Text ( C-91401r1_chk )
Review the WLAN equipment specification and verify it is FIPS 140-2 (CMVP) certified for data in transit, including authentication credentials.

If the WLAN equipment is not is FIPS 140-2 (CMVP) certified, this is a finding.
Fix Text (F-98445r1_fix)
Use WLAN equipment that is FIPS 140-2 (CMVP) certified.